WannaCry cyber attack compromised some Russian banks: central bank

MOSCOW (Reuters) - The WannaCry ransomware attack compromised the systems of Russian banks in some isolated cases, the Russian central bank said on Friday in the first official acknowledgement by Moscow that the virus had an impact on the country’s banking system.

In a statement, the central bank said the consequences of the hacking attack - which it did not detail - had been dealt with quickly. The central bank had previously said Russian banks were targeted in the global cyber extortion campaign late last week, but that the attack had been unsuccessful.

On Friday, the central bank said it had sent recommendations to Russian banks to update their Windows software in April, before the WannaCry attack on May 12.

After the attack, the central bank reissued its recommendations to Russian banks, it said, adding that it would start publishing statements on its website about cyber attacks it had caught as well as steps taken to reinforce IT security.

“As a result of the malicious WannaCry software being spread, we recorded isolated cases of credit organizations’ resources being compromised,” the central bank said.

The WannaCry attack was global in scale, affecting computer systems in dozens of countries. But Russia was among the hardest hit, with the attack exposing security flaws in some of its largest institutions.

There has so far been only scant evidence that banks’ systems outside Russia have been compromised. There have been reports of WannaCry ransom demands appearing on ATM screens in Asia, but these have not been verified by Reuters.

Russia’s largest bank Sberbank said late last week it had been attacked by a virus but that its systems were not infected. It declined to comment when contacted by Reuters on Friday about the central bank statement.

Two security researchers who investigated the attack told Reuters that rival lender VTB was attacked, but they said it was unclear if any damage to the bank’s system resulted, or what the extent of any damage had been.

The two researchers said they did not want to be identified discussing confidential security matters.

VTB did not comment on whether it was attacked but said its systems and of those of its VTB24 retail banking business were operating normally.

“The weaknesses exploited by the virus which attacked computers all over the world and paralyzed the work of many large companies do not exist in the banking group’s systems,” it said in response to a request for comment.

Sergey Golovanov, principal security researcher at Russia’s Kaspersky Lab, said “a couple” of Russian banks had encountered the WannaCry malware. He did not name them.

“In most cases the infections hit either PCs belonging to ordinary employees or some non-critical systems,” he said.

“Embedded systems are very often running on old versions of operating systems and they could easily become a target of malware like WannaCry.”

Russia’s relationship to cyber crime is under intense scrutiny after U.S. intelligence officials alleged that Russian hackers had tried to help Republican Donald Trump win the U.S. presidency by hacking Democratic Party servers.

The Kremlin has repeatedly denied the allegation.

Bombarded by allegations of state-sponsored hacking, Moscow is now keen to show Russia too is a frequent victim of cyber crime and that it is working hard to combat it.